Michael Young writes: On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new…
Category: Breach Laws
Dutch govt proposes data breach notification requirements
Telecompaper reports: The Dutch government has proposed legislation tightening rules for disclosing breaches of personal data. The proposal sent to parliament by the justice ministry would require any breach of personal data, whether by public or private organisations, to be disclosed both to the privacy regulator CBp and to the person whose data was compromised….
Senator Toomey reintroduces bill to preempt state data breach notification laws
John Eggerton reports that Senator Pat Toomey (R-PA) has introduced the “Data Security and Breach Notification Act of 2013” (S. 1193). Although the bill’s text is not yet available online, it’s reportedly the same bill he introduced last year: In the event of data breaches, “the bill would direct companies possessing personal data to notify…
Data breach notification rules should only apply where individuals are ‘severely affected’, say EU Ministers
Out-Law.com reports: Businesses should only have to report that they have experienced a personal data breach in cases where it is likely that individuals’ rights and freedoms have been “severely affected” by such a breach, EU Ministers have proposed. The Working Party on Information Exchange and Data Protection (DAPIX), set up within the structures of…
SEC and CFTC jointly adopt identity theft red flags rules applicable to investment advisers and others
Catherine M. Anderson and Gabrielle A. Bernstein of Foley Hoag LLP write: On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly adopted identity theft red flags rules (the Rules) and corresponding guidelines requiring certain SEC and CFTC-regulated entities to implement identity theft prevention programs. The Rules…
Australian government brings on mandatory data breach notification
Josh Taylor reports: After close to five years of work, the Australian government will introduce mandatory data breach notification legislation into parliament, but the laws would be unlikely to take effect until sometime next year if they make it through parliament before the September 14 federal election. Read more on ZDNet.